本文在Ubuntu18.04運行,fabric版本為2.3.0,
目錄
- 一、Fabric環境準備
- 二、生成Fabric需要的證書檔案
- 三、創始塊的生成
- 1. 系統創始塊的生成
- 2. 賬本創始塊的生成
一、Fabric環境準備
Hyperledger Fabric環境搭建程序
注:假設所有的組態檔和資料檔案都存放在目錄/home/yulin/blockchain/fabric/Hyperledger中,下面的演示將采用直接運行模塊可執行檔案的方式,不采用Docker的方式運行,
二、生成Fabric需要的證書檔案
啟動Fabric之前首先需要生成相關的證書,生成證書是通過cryptogen模塊完成的,cryptogen模塊會根據提供的組態檔生成后序模塊運行程序中需要的證書和資料檔案,在生成證書之前需要先創建一個檔案夾存放組態檔和生成的證書檔案,
創建存放證書的檔案夾:
mkdir -p /home/yulin/blockchain/fabric/Hyperledger/fabricconfig
cryptogen提供了一個命令可以獲取cryptogen模塊所需要的組態檔的樣式:
cryptogen showtemplate
把上述命令生成的內容復制到一個檔案中,
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 1
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 1
Users:
Count: 1
在上面的組態檔中有一個屬性Domain,這個值是由用戶設定的,
將上面的內容保存到/home/yulin/blockchain/fabric/Hyperledger/fabricconfig中,并命名為crypto-config.yaml,保存后執行如下命令:
cd /home/yulin/blockchain/fabric/Hyperledger/fabricconfig
cryptogen generate --config=crypto-config.yaml --output ./crypto-config
檔案夾里面會新增加一個檔案夾crypto-config,里面存放著本例的相關組態檔,通過tree查看一下生成證書檔案的內容,
$ tree -L 5
.
├── crypto-config
│ ├── ordererOrganizations
│ │ └── example.com
│ │ ├── ca
│ │ │ ├── ca.example.com-cert.pem
│ │ │ └── priv_sk
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ ├── cacerts
│ │ │ └── tlscacerts
│ │ ├── orderers
│ │ │ └── orderer.example.com
│ │ ├── tlsca
│ │ │ ├── priv_sk
│ │ │ └── tlsca.example.com-cert.pem
│ │ └── users
│ │ └── Admin@example.com
│ └── peerOrganizations
│ ├── org1.example.com
│ │ ├── ca
│ │ │ ├── ca.org1.example.com-cert.pem
│ │ │ └── priv_sk
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ ├── cacerts
│ │ │ └── tlscacerts
│ │ ├── peers
│ │ │ └── peer0.org1.example.com
│ │ ├── tlsca
│ │ │ ├── priv_sk
│ │ │ └── tlsca.org1.example.com-cert.pem
│ │ └── users
│ │ ├── Admin@org1.example.com
│ │ └── User1@org1.example.com
│ └── org2.example.com
│ ├── ca
│ │ ├── ca.org2.example.com-cert.pem
│ │ └── priv_sk
│ ├── msp
│ │ ├── admincerts
│ │ ├── cacerts
│ │ └── tlscacerts
│ ├── peers
│ │ └── peer0.org2.example.com
│ ├── tlsca
│ │ ├── priv_sk
│ │ └── tlsca.org2.example.com-cert.pem
│ └── users
│ ├── Admin@org2.example.com
│ └── User1@org2.example.com
└── crypto-config.yaml
通過上述步驟所有的整數檔案都已經生成完畢,現在需要將測驗域名映射到本機的IP地址上面,否則后面的操作可能會出現錯誤,
從上述的內容中提取出后綴為example.com的域名,本例中提取出的資訊如下:
orderer.example.com
peer0.org1.example.com
peer0.org2.example.com
打開端映射檔案:
gedit /etc/hosts
添加上如下內容:
192.168.178.144 orderer.example.com
192.168.178.144 peer0.org1.example.com
192.168.178.144 peer0.org2.example.com
檢查是否設定成功,只需使用ping,ping得通這說明設定成功,
三、創始塊的生成
1. 系統創始塊的生成
Fabric是基于區塊鏈的分布式賬本,每個賬本都擁有自己的區塊鏈,賬本的區塊鏈中會存盤賬本的交易資料,但賬本區塊鏈中的第一個區塊是個例外,該區塊不存盤交易資料而是存盤配置資訊,通常將賬本的第一個區塊稱為創始塊,綜上所述,Fabric中賬本的第一個區塊是需要手動生成的,configtxgen模塊是專門負責生成系統的創始塊和Channel(Fabric中的Channel就是賬本,關于Channel的概念在后續章節會介紹)的創始塊,configtxgen模塊也需要一個組態檔來定義相關的屬性,
下面是在Fabric原始碼中提供的configtxgen模塊所需要的組態檔的例子,該檔案的路徑是$GOPATH/src/github.com/hyperledger/fabric/sampleconfig,在這個目錄下面有一個名為configtx.yaml的檔案,對這個檔案進行修改即可使用,由于創始塊檔案是提供給Orderer節點使用,因此創建一個檔案夾來存盤Oderer節點相關的檔案,創建之后再把樣例組態檔復制到該檔案夾中,
創建存放configtxgen模塊相關組態檔的檔案夾的命令如下所示,
$ mkdir -p /home/yulin/blockchain/fabric/Hyperledger/order/
$ cp -r $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/configtx.yaml /home/yulin/blockchain/fabric/Hyperledger/order/
$ cd /home/yulin/blockchain/fabric/Hyperledger/order/
對configtx.yaml進行修改,修改后的內容如下所示:
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ../fabricconfig/crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ../fabricconfig/crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: ../fabricconfig/crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2.0 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v2.0.0
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2.0 for Application enables the new non-backwards compatible
# features and fixes of fabric v2.0.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
V2_0: true
Application: &ApplicationDefaults
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the application level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
# Capabilities describes the orderer level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *OrdererCapabilities
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
Profiles:
TestTwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- <<: *Org1
- <<: *Org2
TestTwoOrgsChannel:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Org1
- <<: *Org2
組態檔修改完成之后執行如下命令生成創始塊檔案,
$ cd /home/yulin/blockchain/fabric/Hyperledger/order
$ configtxgen -profile TestTwoOrgsOrdererGenesis -channelID syschannel -outputBlock ./orderer.genesis.block
2021-02-07 16:06:48.432 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-02-07 16:06:48.459 CST [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: solo
2021-02-07 16:06:48.460 CST [common.tools.configtxgen.localconfig] Load -> INFO 003 Loaded configuration: /home/yulin/blockchain/fabric/Hyperledger/order/configtx.yaml
2021-02-07 16:06:48.761 CST [common.tools.configtxgen] doOutputBlock -> INFO 004 Generating genesis block
2021-02-07 16:06:48.768 CST [common.tools.configtxgen] doOutputBlock -> INFO 005 Creating system channel genesis block
2021-02-07 16:06:48.833 CST [common.tools.configtxgen] doOutputBlock -> INFO 006 Writing genesis block
上述命令執行完成之后會在檔案夾/home/yulin/blockchain/fabric/Hyperledger/order中生成檔案orderer.genesis.block,這是Fabric系統的創始塊檔案,
2. 賬本創始塊的生成
通道Channel是Fabric中非常重要的概念,一個Channel表示一個賬本,Fabric和其他區塊鏈平臺最大的區別是fabric支持多賬本,每個fabric應用都至少包含一個Channel,因此創建Channel是fabric中比較重要的步驟,
創建Channel命令:
$ configtxgen -profile TestTwoOrgsChannel -outputCreateChannelTx ./mychannel.tx -channelID mychannel
2021-02-09 16:25:12.501 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-02-09 16:25:12.524 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/yulin/blockchain/fabric/Hyperledger/order/configtx.yaml
2021-02-09 16:25:12.524 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 003 Generating new channel configtx
2021-02-09 16:25:12.538 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 004 Writing new channel tx
執行完之后會生成mychannel.tx,該檔案用來生成Channel,除此之外還需要生成相關的錨點檔案,而生成錨點檔案需要執行以下命令:
$ configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP
2021-02-09 16:31:18.108 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-02-09 16:31:18.150 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/yulin/blockchain/fabric/Hyperledger/order/configtx.yaml
2021-02-09 16:31:18.154 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Generating anchor peer update
2021-02-09 16:31:18.161 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 004 Writing anchor peer update
$ configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP
2021-02-09 16:31:39.833 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-02-09 16:31:39.858 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/yulin/blockchain/fabric/Hyperledger/order/configtx.yaml
2021-02-09 16:31:39.858 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Generating anchor peer update
2021-02-09 16:31:39.860 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 004 Writing anchor peer update
命令執行完成之后會在相應的檔案夾下面生成檔案Org1MSPanchors.tx和Org2MSPanchors.tx,這些檔案在后面會用到,
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/258786.html
標籤:區塊鏈